CrowdStrike Certified Falcon Administrator (CCFA) — Question 96

You notice there are multiple Windows hosts in Reduced functionality mode (RFM). What is the most likely culprit causing these hosts to be in RFM?

Answer options

• A. A Sensor Update Policy was misconfigured
• B. A host was offline for more than 24 hours
• C. A patch was pushed overnight to all Windows systems
• D. A host was placed in network containment from a detection

Correct answer: C

Explanation

The correct answer is C, as pushing a patch to all Windows systems can lead to them entering RFM if the patch requires activation or causes compatibility issues. Option A is incorrect because a misconfigured Sensor Update Policy would not directly cause RFM. Option B is also not the cause, as being offline for 24 hours does not necessarily trigger RFM. Option D is incorrect because network containment usually prevents access, but does not directly lead to RFM status.